US military's Central Command (Centcom) pages were hijacked by people claiming to operate on behalf of Islamic State. Both Twitter accounts were temporarily suspended. Centcom has called the incident vandalism, and says it did not affect operations, nor was it a serious data breach.
Centcom mislabeled the event as nuisance.
This undervalues this breach. All targeted cyber attacks start with multistage breaches. The first stage involves reconnaissance of the potential arena where the ultimate attacks would take place. Twitter is one of the many methods used in collecting information about names, locations and activities of individuals. Results are then fed into follow-on attacks.
There is no reason why Centcom, a strategically critical U.S. command need to rely on Twitter, a notoriously insecure communication method. My only explanation is that the fundamentally inadequate DoD e-mail system is not only ponderous but also largely inadequate for person-to-person communications. Twitter has simplicity and ease of use because the DoD e-mail – engaged in a decade-long controversy – has never been fixed to deliver assured messages.
Labeling Twitter messages as a nuisance overlooks the security of messages to and from our key military command. Though most of the messages would be innocuous, there will be always a few transmissions that will offer leading clues where to direct further penetrations.
Highly sensitive sources of information must be always protected. Twitter is not. DoD should finally fix its e-mail rather than just call for another round of more onerous password formats.